WELCOME


The AML Risk Conundrum
What Does AML Risk Really Mean?
BSA Coalition Training Event
November 17, 2016

Opening Remarks:
Amanda Tucker, BSA Coalition Board Member
Executive Vice President | Chief Risk Officer, Old Dominion National Bank

Melinda Lytle, Moderator: Financial Examiner and BSA Specialist, NC Office of the Commissioner of Banks
Debra D'Arrigo, Panelist: Director, AML Compliance, Capital One
Lisa G. Varner, Panelist: Senior Risk Management Officer and Senior Vice President, United Bankshares, Inc.

The views and opinions expressed here are those of the speakers. They do not represent an official position of the Federal Reserve Bank of Richmond or the Federal Reserve System.

Panel Objectives
- List and understand the challenges of implementing and documenting risk-based BSA/AML compliance programs
- Describe or implement ways to improve communication across business lines within your organizations
- Develop communication strategies with law enforcement and your regulators to ensure understanding of BSA/AML risk at your organization

Agenda
- Welcome and Introduction of Speakers (Tucker, Amanda)
- The Definition of Risk - The Conundrum (Varner, Lisa/Melinda Lytle)
- The Challenges of Risk-Based Compliance Programs (Lisa Varner, Debra D'Arrigo)
- Risk Assessment Considerations (Varner/D'Arrigo/Lytle)
- Best Practices for Communicating Risk (Varner/D'Arrigo)
- Conclusions (Varner/Lytle/D'Arrigo)
- Question and Answer Session (Varner/Lytle/D'Arrigo)
- Closing Remarks (Tucker, Amanda)

The Definition of Risk - The Conundrum

A technical definition of AML risk:
The risk to the institution of regulatory sanctions, fines, penalties or losses resulting from the facilitation of money laundering or terrorist financing

A regulator's perspective of AML risk:
- Managing risks is fundamental to banking
- Failure to establish a risk management structure is considered unsafe and unsound

What is risk?
Exposure to the chance of loss, or injury, or dangerous hazardous chance.

The components of risk evaluation:
- Threats
- Vulnerabilities
- Consequences

What are threats?
- A person or group or object or activity that has potential to cause harm
- Criminals, terrorist groups, their facilitators and their funds
- Identifying threats is where understanding risk begins

What are Vulnerabilities?
- Those things that can be exploited by the threat or support or facilitate the activity
- Evaluate vulnerabilities distinct from threats by focusing on those factors that present weaknesses in your AML systems and controls.
- Also focus on certain features of your products/services that make them attractive for AML purposes

What are Consequences?
- Impact or harm financial crimes can cause
- Risks to the financial system
- Risks to your institution
- Impacts your community, your business environment and your reputation

So, what's the conundrum?
- AML Program definition of risk based is very broad, inherently subjective in nature
- Risk is a function of three factors: Threat, Vulnerability, & Consequences
- Making judgments and everyone defines risk differently: Regulators, Law Enforcement, LOB, Management and Board
- Misunderstanding may lead to faulty controls or risk mitigants
- Mitigants can be difficult to operationalize
- Make sure to bridge the gap and require robust onboarding

The Challenges of Risk-Based Compliance Programs

Common Challenges of Risk-Based Compliance Programs
- Deciding the best way to measure and monitor risk in your institution
- Getting your partners on the same page about risk
- Implementing controls
- Communicating risk effectively - to your regulators, your business partners and law enforcement

Challenges of Risk-Based Compliance Programs
Small Bank Perspective
- How do we get to risk-based if we don't understand our risk?
- AML risk can be viewed from multiple perspectives and sources
  - Reputational, operational
  - Products, customers, geography
- Proactively engage our business lines, our regulators, and our local law enforcement

Challenges of Risk-Based Compliance Programs
Small Bank Perspective
- Business line challenges
  - Getting the LOB to understand AML risk
- Regulatory challenges
  - Getting regulators on board with your AML risk evaluation
  - Ask for their input
- Law enforcement challenges
  - Getting the right LE officer/agent who will provide information to help build your risk profile

Challenges of Risk-Based Compliance Programs
Large Bank Perspective
- Defining how to measure, monitor, control and ultimately report on risk
  - Systems used, tools, defining roles and responsibilities
  - Scope and timing of reporting, policies and procedures
- Aligning with internal and external constituents on a common definition of risk
  - Ensuring a mutual understanding exists about the quantity of risk exposure
- Implementing commensurate controls to mitigate risk
  - Systemic or manual
  - Detective vs. preventive
- Communicating risk effectively to management, auditors, regulators and law enforcement

Risk Assessment Considerations

Risk Assessment Considerations
Small Bank Perspective
Working with your business lines
- Resources might be limited
- Methods to evaluate risk
  - Utilization of the FFIEC BSA/AML Examination Manual expanded sections and regulatory communications
  - Periodic meetings to gather and discuss those identified risks - BSA Action Team discussions
  - Assess risk separately or together - ML/TF
  - Looking at trends - Key Risk Indicators

Risk Assessment Considerations
Small Bank Perspective
Preparing your written risk assessment
- Identifying specific risk categories, i.e. products, services, customers, entities, transactions and geographic locations
- Analysis, controls and risk rating
- Keeping your risk assessment updated

Risk Assessment Considerations
Large Bank Perspective
The risk assessment provides a perfect opportunity to clearly define the inherent risks to be managed throughout the program
Inherent Risk:
- Customers
- Products
- Services
- Transactions
- Channels
- Geographies
- Other Qualitative Factors
- Emerging Economic Sanctions

Risk Assessment Considerations
Large Bank Perspective
The risk assessment also provides context about the controls in place to mitigate the risk
Internal Controls:
- Pillar 1 - Designated Chief AML and Sanctions Officer
- Pillar 2 - Independent Testing and Oversight
- Pillar 3 - Training
- Pillar 4 - Internal Controls, further defined as:
  - Policies and Procedures
  - Politically Exposed Persons (PEP)
  - Suspicious Activity Report (SAR) Filing
  - Customer Identification Program (CIP)
  - Risk-Based Approach (RBA)
  - Transaction Monitoring
  - Customer Due Diligence (CDD)
  - Enhanced Due Diligence (EDD)
  - MIS / Reporting
  - Regulatory Specific Record Keeping and Retention
  - Sanctions Monitoring

Risk Assessment Considerations
Large Bank Perspective
- Measure Inherent Risk
- Assess Internal Controls
- Calculate Residual Risk
The risk assessment measures risk and assesses controls to arrive at a residual risk rating

Risk Assessment Considerations
Large Bank Perspective
Results of the risk assessment should be documented in a formal report. Elements to consider when utilizing the report as a tool to communicate risk:
- Broad distribution to all key stakeholders
- Report should tell the risk story of the organization
- Align with the functional organization but also consider legal entity nuances

Risk Assessment Considerations
Large Bank Perspective
Key elements of a comprehensive risk assessment
- Identifies areas of heightened risk
- Covers all risks (products, services, customers, entities, transactions, channels, geographies)
- Considers forward-looking/emerging risks
- Uses a formulaic approach to derive results
- Aggregates and prioritizes risks
- Provides enhanced risk reporting

Best Practices for Communicating Risk

Best Practices for Communicating Risk
Small Bank Perspective
With business lines:
- Should be shared and communicated with all business lines across the bank as well as board of directors, management, and appropriate staff
- Organizational awareness, knowledge and understanding
- Document in a concise and organized manner
- Importance of front line staff

Best Practices for Communicating Risk
Small Bank Perspective
With law enforcement:
- Key in the fight against money laundering and terrorist financing
- Identifies significant relationships, patterns and trends
- Can help your institution protect itself

Best Practices for Communicating Risk
Small Bank Perspective
With regulators:
- Risk assessment is shared during the examination - recommendations from examiners are considered for incorporation into the assessment
- Ongoing communication of key risk issues through quarterly calls
- One-off phone calls with regulator about significant AML risk events

Best Practices for Communicating Risk
Large Bank Perspective
All aspects of the compliance management program can be leveraged to implement, document and communicate risk-based AML programs to ensure risks are well understood and managed within the risk tolerance of the organization

Best Practices for Communicating Risk
Large Bank Perspective
Governance, Risk Management, and Compliance (GRC) systems can be leveraged to communicate risk.
GRC systems can provide comprehensive documentation of risks and requirements
- Inventory of all laws & regulations (risks) to manage
- Associate applicable risks to business areas
- Demonstrate control coverage
- GRC typically forms a basis for compliance monitoring and testing

Best Practices for Communicating Risk
Large Bank Perspective
Policy and Procedures (P&Ps) are another way to communicate risk.
- Enterprise P&Ps provide Program-level guidance
- Businesses should implement subordinate procedures
  - Clear articulation of roles and responsibilities
  - Delineate risk takers vs. risk managers
  - End-to-end coverage (onboarding through the account life cycle)

Best Practices for Communicating Risk
Large Bank Perspective
Management Information Systems (MIS) can facilitate management's ability to effectively measure, monitor, control and report on risk.
Technology strategy should be prioritized to cover top risks and ensure:
- Consistent and accurate customer data collection occurs
- Data is available for use in downstream AML processes
- Meaningful management reporting can be produced
[Diagram labels: 1st Line Data Collection; 2nd Line Data Usage; Internal/External Reporting]

Best Practices for Communicating Risk
Large Bank Perspective
Reporting is a critical communication mechanism used to reach a broad group of constituents with a consistent message.
Key elements of successful reporting
- Audience is defined
- Level, extent and frequency of reporting is tailored to the audience
- Key Risk Indicators and Key Performance Indicators included
- Signal early warnings of adverse trends
- Overall state of compliance is reflected

Best Practices for Communicating Risk
Large Bank Perspective
Other Program components can be leveraged for communicating risk.
- Board and Senior Management oversight/escalation channels
- Auditors, regulators and law enforcement
  - Audit: Proactive engagement
  - Regulators: Routine meetings; shared reporting; offer deep dive reviews; communicate organizational changes or material risk issues and controls breakdowns promptly
  - Law enforcement: FIU should have clear communication channels/established Points of Contact
- Compliance Monitoring and Testing plans

Best Practices for Communicating Risk
Large Bank Perspective
Training is a required Program pillar and is a key component to ensuring there is a mutual understanding of risk and controls.
Key elements of an effective Training program:
- Scope should be enterprise wide to include all personnel whose duties require knowledge of the BSA/AML requirements, including new hires
- Content is tailored to the specific responsibilities of each area and target audience
- Examples of money laundering activity and red flags are included
- Attendance is documented and retained

Conclusions

How do you solve for the Conundrum?
- Strengthen relationships with business lines, regulators and law enforcement
- Understand risk through the risk assessment process
- Communication
- Education and training

How do you solve for the Conundrum? Here's your action list
- Ensure a clear definition and a mutual understanding of risk throughout the bank
- Implement controls
- Educate business lines, regulators and law enforcement about AML risk throughout the risk assessment process
- Ensure mutual understanding of BSA/AML risk between your bank, regulators and law enforcement

Questions?

Closing Remarks